In the latest in a series of high profile data breaches, credit referencing agency Experian says hackers accessed its servers and stole the personal details of 15 million prospective T-Mobile customers.
The intruders gained access to a server that contained personal information for consumers who applied for T-Mobile USA postpaid services over a two-year period between 1 September 2013 and 16 September 2015.
Records containing a name, address, Social Security number, date of birth, identification number (typically a driver’s license, military ID, or passport number) and additional information used in T- Mobile's own credit assessment were accessed. No payment card or banking information was obtained says Experian.
In an open letter to customers, T-Mobile CEO John Legere expressed his fury over the leakage.
"Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected," he wrote. "I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information."
Experian's offer of free credit monitoring and identity theft services for two years to victims adds a touch of schadenfreude to the incident for rival security firms.
The offer has not gone down well with users in the Twittersphere either, leading an exasperated Legere to tweet:
More worrying is the damage to Experian's reputation. This is the second breach to have hit the company in as many years. An attack on an Experian subsidiary in 2014 exposed the Social Security numbers of 200 million Americans, sparking an investigation by at least four states.
"The major MNOs such as T-Mobile have the potential to become the next wave of identity brokers for the mobile generation," notes John Gunn, VP of communications at Vasco Data Security. "This would place them in direct competition with Experian, the company that just did more damage to their reputation than any competitor could ever hope for."
Just yesterday, Trump Hotels, online foreign exchange outfit FXCM and Kmart in Australia confirmed that they had been hacked in a cybercrime wave sweeping the computer systems of major corporations worldwide.